Table of Contents

1. Introduction
2. Supported Deployments
3. Documentation
4. Syntax
5. Usage
6. Limitations
7. Notes
8. What's new in R80.10
9. What's new in R77.30
10. Related solutions

 

(1) Introduction

CPView Utility is a text based built-in utility that can be run ('cpview' command) on Security Gateway / Security Management Server / Multi-Domain Security Management Server. CPView Utility shows statistical data that contain both general system information (CPU, Memory, Disk space) and information for different Software Blades (only on Security Gateway). The data is continuously updated in easy to access views.

On Security Gateway, this statistical data can be used to monitor machine's performance.

 

(2) Supported Deployments

CPView Utility is built-in and supported only on:

Versions	R77 GA and above R76SP.50
Operating Systems	Gaia OS SecurePlatform OS
Products	Security Gateway: versions R76SP.50, R77 and above - full monitoring of system resources, software blades, etc. version R77.10 and above - history mode was added version R76SP.50 - history mode is not supported Security Management Server: versions R77 and above - only monitoring of CPU, Memory and Disk Space versions R77 and above - history mode is not supported Multi-Domain Security Management Server: versions R77.30 and above - CPView is not supported anymore versions R77, R77.10 and R77.20 - only monitoring of CPU, Memory and Disk Space versions R77, R77.10 and R77.20 - history mode is not supported version R80.10 - Supported from R80.10 Jumbo HFA Take_203 version R80.20 - Supported from R80.20 Jumbo HFA Take_43 StandAlone: versions R77 and above - full monitoring of system resources, software blades, etc. versions R77.10 and above - history mode was added

 

(3) Documentation

• R80.20.M2 CPView Guide
• R77.20 CPView User Guide

 

(4) Syntax

• On Security Gateway R80.30 and above:

  [Expert@HostName:0]# cpview [-h [--help]] | [-t [--history]] | [-s [--services] <on | off | stat | export>]


  Where:

  Command	Description
  cpview --help	Display this help and exit.
  cpview -t	History mode.
  cpview -s	CPView admin on Turn on CPView services off Turn off CPView services stat Show CPView services status export Export current CPView data base CPView services is responsible for Data Base and SNMP activity.

• On Security Gateway R76SP.50, R77.10 up to R80.20:

  [Expert@HostName:0]# cpview [ [-t [<timestamp>]] | [-c <conf_file>] | [-p] ] | [-b [-t <sec> [-i <count>] [-j] [-l <filesize>] ] | [-s]] | [history [on] | [off] | [stat] | [export]]

  Where:

  Command	Description
  cpview --help	Prints the built-in help.
  cpview -p	Prints all CPView views once.
  cpview -c <conf_file>	Loads configuration from <conf_file>.
  cpview -b [-t <sec> [-i <count>] [-j] [-l <filesize>] ]	Prints batch statistics data. -t <sec> Sets time interval to <sec> seconds before the new dump info is generated. The value of <sec> must be greater than 30. -i <count> Limits dump info to <count> times. -j Compresses the generated logs after you run the "cpview -b -s" command to stop the instance. -l <filesize> Changes log file size limit to <filesize> MB (default = 1024 MB). In the background, data is dumped into logs saved in the /var/log/cpview/ directory.
  cpview -b -s	Stops the "cpview -b" instance that runs in the background.
  cpview history <on | off | stat | export>	Controls the CPView History daemon (cpview_historyd): on Starts the CPView History daemon. off Stops the CPView History daemon stat Checks whether the CPView History daemon is activated. export Exports the History database for archiving purposes only. On R77.30, it is available only when R77.30 Jumbo Hotfix is installed.
  cpview -t <timestamp>	Shows the history content from the /var/log/CPView_history/CPViewDB.dat file. Shows either the oldest available content, or from a given <timestamp>, where <timestamp> format is: [Jan...Dec] [01...31] [4-digit Year] [hh:mm:ss]

• On Security Gateway R77 only / Security Management Server R77 and above / Multi-Domain Security Management Server R77, R77.10 and R77.20 only:

  [Expert@HostName:0]# cpview [[-d] [ [-c <conf_file>] | [-p]]] | [-b [-t <sec> [-i <count>] [-j] [-l <filesize>] ] | [-s]]

  Where:

  Command	Description
  cpview --help	Prints the built-in help.
  cpview -d	Turns on the CPView debug.
  cpview -p	Prints all CPView views once.
  cpview -c <conf_file>	Loads configuration from <conf_file>.
  cpview -b [-t <sec> [-i <count>] [-j] [-l <filesize>] ]	Prints batch statistics data. -t <sec> Sets time interval to <sec> seconds before the new dump info is generated. The value of <sec> must be greater than 30. -i <count> Limits dump info to <count> times. -j Compresses the generated logs after you run the "cpview -b -s" command to stop the instance. -l <filesize> Changes log file size limit to <filesize> MB (default = 1024 MB). In the background, data is dumped into logs saved in the /var/log/cpview/ directory.
  cpview -b -s	Stops the "cpview -b" instance that runs in the background.

 

(5) Usage

• The CPView Utility functionality is provided via /bin/cpview_start.sh shell script, which calls the main daemon cpviewd

  • In R76SP.50, R77.30 and above:

    $CPDIR/bin/cpviewd

  • In R77-R77.20:

    • $FWDIR/bin/cpviewd
    • $CPDIR/bin/cpview_historyd (history daemon on Security Gateway, if history is set to "on")

• Output of 'cpwd_admin list' command shows the CPView Utility as CPVIEWD.

  Example:

  [Expert@HostName]# cpwd_admin list | grep -E "PID|CPVIEWD"
  APP        PID    STAT  #START  START_TIME             MON  COMMAND
  CPVIEWD    9732   E     1       [10:43:08] 12/1/2015   N    cpviewd
  

• Output of 'cpwd_admin list' command shows the CPView Utility History Daemon as HISTORYD (use the 'cpview history on | off | stat' commands).

  Example:

  [Expert@HostName]# cpwd_admin list | grep -E "PID|HISTORYD"
  APP        PID    STAT  #START  START_TIME             MON  COMMAND
  HISTORYD   8792   E     1       [10:42:05] 12/1/2015   N    cpview_historyd
  

• To stop the CPView Utility ('cpviewd') using the 'cpwd_admin' command:

  [Expert@HostName]# cpwd_admin stop -name CPVIEWD

• To start the CPView Utility ('cpviewd') using the 'cpwd_admin' command:

  • In R76SP.50, R77.30 and above:

    [Expert@HostName]# cpwd_admin start -name CPVIEWD -path "$CPDIR/bin/cpviewd" -command "cpviewd"

  • In R77-R77.20:

    [Expert@HostName]# cpwd_admin start -name CPVIEWD -path "$FWDIR/bin/cpviewd" -command "cpviewd"

• To load CPView history file that was collected on another machine:

  Note: Target machine must run the same Check Point version as the source machine.

  1. Get the history file from the source machine - /var/log/CPView_history/CPViewDB.dat.

  2. Copy the source CPViewDB.dat file to your target machine into /var/log/CPView_history/.

  3. Turn off the CPView history on the target machine:

     [Expert@HostName]# cpview history off

  4. Load the source history data:

     [Expert@HostName]# cpview -t <timestamp>

     Example:
     [Expert@HostName]# cpview -t Oct 24 2016 10:54:15

     Notes:

     • After entering the time stamp, use '+' and '-' to change the minutes.
     • The time presented in the CPview history is according to the time/timezone of the target machine, on which you open the CPview history file.
       If you need to see the exact timestamps of the source machine, then before loading the source CPView history data, change the timezone on your target machine to match the timezone of the source machine.

 

(6) Limitations

Configuration / View	Limitations
Security Gateway	History Mode is not supported in R77 GA (feature was added only in R77.10). History Mode is not supported in R76SP.50 (GA Take 84).
VSX Gateway	History Mode is currently not fully supported - only the information from the context of VSX machine itself (VS0) is recorded. "SysInfo" view always shows "Platform Gaia 32Bit", even when running 64-bit kernel (issue was resolved in R77.30).
Security Management Server (does not apply to StandAlone)	History Mode is not supported. This is by design.
Multi-Domain Security Management Server	Starting in R77.30, Multi-Domain is not supported (only R77, R77.10 and R77.20 are supported). History Mode is not supported. This is by design, while Smartview Tracker does not show any logs for port 1024.
"Top Protocols" show TCP:1024 as a high use protocol/service	This is by design. TCP:1024 represents all TCP high ports - TCP ports above 1024.
Gaia Embedded OS	600 / 700 / 1100 / 1200R / 1400 / Series-80 appliances are not supported.
X-Series XOS	X-Series appliances are not supported.
CPView History file that was collected on another machine	The time presented in the CPview history is according to the time/timezone of the target machine, on which you open the CPview history file. If you need to see the exact timestamps of the source machine, then before loading the source CPView history data, change the timezone on your target machine to match the timezone of the source machine.

 

(7) Notes

• Throughput displayed in Gaia Portal is much higher (approximately twice as much) than the throughput displayed in CPView Utility.

  • CPView Utility - Overview tab - section Traffic counters - counter Throughput

    The throughput data is obtained directly from the hardware.
    The total throughput is a sum of all throughput counters in each path (Fast Path, Medium Path, and Slow Path).

  • Gaia Portal - Overview pane - widget Throughput

    The throughput data is a sum of both Incoming and Outgoing traffic (sum of the RX packets and TX packets from /proc/net/dev).
    Packets are counted form all interfaces.
    If a packet passes through Slow Path (F2F), it will be counted twice.

  Example:

  

 

(8) What's new in R80.10

New view in CPView R80.10 is available - Mail Statistics related to Threat Emulation MTA:

• Number of e-mails in MTA queue (Software-blades -> Threat-Emulation -> MTA -> Queues)
• Mails Received / Processed / Modified / Deferred / Blocked / Skipped / Failed (Software-blades -> Threat-Emulation -> MTA -> Monitoring)

For details, refer to sk109699 - ATRG: Mail Transfer Agent (MTA) - section "(7) CPView integration".

 

(9) What's new in R77.30

New views in CPView R77.30 are available, enabling more accurate and detailed analysis for Security Gateway:

• Top protocols by throughput (Network -> Top-Protocols)
• Top connections by throughput (Network -> Top-Connections)
• Top protocols by CPU (I/S -> CPU -> Top-Protocols)
• Top connections by CPU (I/S -> CPU -> Top-Connections)
  Note: The mode of the Firewall Priority Queues on Security Gateway should be set to "1" (CPU Connections Statistics) - refer to sk105762 - section "(IV-B) Monitoring - Evaluation of Heavy Connections"
• Software-blades package updates information (Software-blades -> Overview) - displays information on last update time and package number for IPS, Anti-Virus, Anti-Bot, and Application Control blades.
• Threat-Extraction blade overview (Software-blades -> Threat-Extraction)
• CPView daemon "cpviewd" was moved from $FWDIR/bin/ to $CPDIR/bin/

 

(10) Related solutions

• sk103496 - Number of concurrent connections shown in CPView Utility depends on the status of SecureXL
• sk98955 - When running CPView, the output in the "I/S - CPU - Contexts" section is empty
• sk116876 - Meaning of protocol 'TCP:1024' in CPView
• sk97443 - Support Debug Tools